IP drop list

[Steffen Kaiser]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 2 Mar 2015, Reindl Harald wrote:
> Am 02.03.2015 um 10:06 schrieb Steffen Kaiser:
>> If such plugin(?) is available, I would expect immediate complains, it
>> does not support:
>> 
>> + local file lists with various sets of syntaxes
>> + RBLs with a fine grained response matching
>> + use the same RBL response for multiple match-action pairs
>
> or it could work just with no config, unconditional and

therefore I wrote, that I expect complains, if this feature would work 
like that

>                                                          in front of any 
> authentication,

what is that same as to place it as first passdb, with the overhead of 
parsing the config file and adding it into the passdb{} chain.

>                  frankly even without any response - connection -> RBL check 
> -> close connection, done

some external RBLs return certain information in the response, e.g. 
127.0.0.2 is less problematic than 127.0.0.1, so "I expect complains" this 
or that RBL is not working correctly ;-)

> hence RBL's make sense in the core because *in front* of any other protocol 
> specific code

That's TCP wrapper or a firewall, IMHO. (for a file list, not RBL). 
However, there used to be a RBL patch for TCP wrapper and some 
distribution provide other implementations of a TCP wrapper with RBL, if 
this post correct: 
http://grokbase.com/t/centos/centos/143mg1wxsj/does-anyone-use-tcp-wrappers-hosts-allow-hosts-deny-anymore

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBVPQufHz1H7kL/d9rAQKC3wf/ZuStrHInsV3OkgDC5EDBeSyvMOxlskiy
xCNUeAxaqPt4DvgCHnXmXX3V2yi+hXvsFyWhIBcsJcgUvbi0sJWwy7Undw2Fs6Cf
iaOD3+u1VV+7IwiiZIMNMpUcDisj9Ic3DBoDTx9SeyBS09i7lKAVORZw486LooWX
uTCMZOEmzH43DEfHxmIMPMcyQBF4b7kzc3A/sabpc70bhrJAV8E2ZNpPzIyAiC3A
PwjUR+YfdYoorqz79ymmzcngsUUSAXfiUAhJpRyVOL2UiMurjROdsU5vSpXJm71j
lgELgKpo6DkIjX+qAPVtdPu/J6cRLUcfvysNezU2vV9KpgJk97cwmw==
=2nvt
-----END PGP SIGNATURE-----